i m using moodle framework and passwordsaltman encryption please help me out how to decrypt it any script or any way how?????
An important property of such functions is that they are irreversible ("it is infeasible to generate a message that has a given hash").
...even if it was possible, do you think it would be a good idea to have a Forum post here explaining how to do it !?!? lol
The fundamental question is, how Open Source Software can hide such information?
Moodle does not encrypt passwords. It hashes them using a one-way hash function.
This is common practice, in irreversible by design.
Hi Tim Hunt,
need some help regarding the same. I want to add a column in mdl_user
in which original password of user in stored (Not hashed). Is there a
way to achieve this? In which file moodle does its insert query for the
Here is the right way to do this:
I know it is not at all a good practice. But i have got a task from my employer that the admin should be able to login to any user's account. Please help me what should i do?
The original design was to simply 'md5' the password. The problem with that is that if you use a common word for a password and someone gets hold of the hashed password it is trivial to reverse. This is no big secret, there are sites that have database of common (and not so common) md5 hashes and can easily decode them.
However, if you use a lengthy and reasonably random salt this all but makes this impossible. It's still theoretically possible to crack passwords if you know the salt and the method used (easy enough with Moodle) but it would still only work for 'dictionary' words.
So... use a good salt, leave the password restriction settings turned up and keep your salt secret. In which case, it's near enough to impossible to decode the passwords.
However, to answer the original question as posed, no you cannot. That's the idea!